Commit 7cb86eb3 authored by Dmitriy Zaporozhets

Dont allow LDAP users to change password inside GitLab

parent bd6dfe7d
......@@ -2,6 +2,9 @@ class ProfilesController < ApplicationController
include ActionView::Helpers::SanitizeHelper
before_filter :user
before_filter :authorize_change_password!, only: :update_password
before_filter :authorize_change_username!, only: :update_username
layout 'profile'
def show
......@@ -53,9 +56,7 @@ class ProfilesController < ApplicationController
end
def update_username
if @user.can_change_username?
@user.update_attributes(username: params[:user][:username])
end
respond_to do |format|
format.js
......@@ -80,4 +81,12 @@ class ProfilesController < ApplicationController
user_attributes
end
def authorize_change_password!
return render_404 if @user.ldap_user?
end
def authorize_change_username!
return render_404 unless @user.can_change_username?
end
end
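Review bot: The new `authorize_change_password!` filter is applied only to `update_password`, so the password change for LDAP users is blocked on one route but not necessarily on the others that write to `@user`; the `update` action is outside this hunk, and the `user_attributes` helper visible above it suggests `params[:user]` is handed to `update_attributes` there. If `password`/`password_confirmation` are mass-assignable on `User`, an LDAP user can still set a local password by submitting those keys to `update`. I would strip them from the attribute hash for LDAP users in that path, e.g. `user_attributes.except('password', 'password_confirmation')` when `@user.ldap_user?`, or whitelist the profile fields `update` accepts. Also consider whether a forbidden self-service action should answer 404 (`render_404`) rather than 403; hiding the route is fine, but a 403 is easier to monitor for in logs.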
......@@ -340,4 +340,8 @@ class User < ActiveRecord::Base
nil
end
end
def ldap_user?
extern_uid && provider == 'ldap'
end
end
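Review bot: `ldap_user?` requires both `extern_uid` and `provider == 'ldap'`, so an account whose `provider` is `ldap` but whose `extern_uid` is `nil` is treated as a local user and regains the password-change path this commit is closing. If `provider` alone is authoritative for how the account authenticates, the fail-closed form is `def ldap_user?; provider == 'ldap'; end`; if `extern_uid` really is required for the LDAP identity, a comment stating why a missing uid should fall back to local semantics would help the next reader. Note the predicate returns `nil` rather than `false` when `extern_uid` is unset, which is fine for `if`/`unless` but worth `!!` if the value is ever compared or serialised.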
- if Gitlab.config.omniauth.enabled
- unless current_user.ldap_user?
- if Gitlab.config.omniauth.enabled
%fieldset
%legend Social Accounts
.oauth_select_holder
......@@ -8,28 +9,7 @@
= link_to authbutton(provider, 32), omniauth_authorize_path(User, provider)
%fieldset.update-token
%legend
Private token
%span.cred.pull-right
keep it secret!
.padded
= form_for @user, url: reset_private_token_profile_path, method: :put do |f|
.data
%p.slead
Private token used to access application resources without authentication.
%br
It can be used for atom feed or API
%p.cgray
- if current_user.private_token
= text_field_tag "token", current_user.private_token, class: "xxlarge large_text"
= f.submit 'Reset', confirm: "Are you sure?", class: "btn btn-primary btn-build-token"
- else
%span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token"
%fieldset.update-password
%fieldset.update-password
%legend Password
= form_for @user, url: update_password_profile_path, method: :put do |f|
.padded
......@@ -53,6 +33,27 @@
%fieldset.update-token
%legend
Private token
%span.cred.pull-right
keep it secret!
.padded
= form_for @user, url: reset_private_token_profile_path, method: :put do |f|
.data
%p.slead
Private token used to access application resources without authentication.
%br
It can be used for atom feed or API
%p.cgray
- if current_user.private_token
= text_field_tag "token", current_user.private_token, class: "xxlarge large_text"
= f.submit 'Reset', confirm: "Are you sure?", class: "btn btn-primary btn-build-token"
- else
%span You don`t have one yet. Click generate to fix it.
= f.submit 'Generate', class: "btn success btn-build-token"
- if current_user.can_change_username?
%fieldset.update-username
%legend
......